SCOM 2012 – How to Generate an Alert from a Log file

1 – First go to the Authoring space. Then go to Management Pack Objects then Monitors. Go ahead and scope the list for Windows Server. Expand out Windows Computers and Entity Health. Right Click on Availability and select Create a Monitor then Unit Monitor…
2 – When the Create a unit monitor wizard opens up expand out Windows Events then Repeated Event Detection (we did Simple Events last time so this time I want to show you how to look for repeated events). When you get to Repeated Events you again have three choices:
Manual Reset – 1 State, Alert – Manually resolve
Timer Reset – 2 State, Alert and Auto Resolve (Time Based)
Windows Event Reset – 2 State, Alert and Auto Resolve
Type the name and description
Specify the type of Log that we’re going to monitor
Now enter the detail information of the event viewer that we want to monitor:
Set the time interval to start the trigger
Choose the Health Sate plan
Select the Alert
Now we need to enable the monitor for your test server
Override the Monitor
Right Click on the Monitor and select Overrides, then Override the Monitor then For a specific object of class: Windows Server.
Select the server which you want to monitor
Enabled it
We can disable this monitoring by Right-click >> Disable
To check the result, go to Monitoring >> Active Alerts
By Thai Diep